package org.example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.userDetailsService(userDetailsService);

        http.csrf().disable()//跨站点请求伪造
                .authorizeRequests()
                .antMatchers("/index.html","/js/**").permitAll()
                .antMatchers("/mobile/**").hasAnyAuthority("mobile")
                .antMatchers("/salary/**").hasAnyAuthority("salary")
                //如果想要访问ww资源，需要用户有ROLE_salary权限
                //.antMatchers("/ww").hasAnyRole("salary")
                //.antMatchers("/qqq").access("hasAnyAuthority('mobile')")
                .antMatchers("/common/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .rememberMe().userDetailsService(userDetailsService)
                .and()
                .formLogin()
                //配置自己的登录页
//                .loginPage("/index.html").loginProcessingUrl("/login")
                .defaultSuccessUrl("/main.html").failureUrl("/common/loginFailed");
    }
}
